Reports, proud muckraking, photos, videos and musings from the veteran LGBT and AIDS human rights advocate Michael Petrelis. Based in San Francisco since 1995.
Contact: MPetrelis_at_AOL_dot_com.
Vote Petrelis for BART Board District 9 in November!

Tuesday, May 06, 2014

SF DPH Personal Data Security Breach Affects 55,900 Patients

When a government agency wants to bury bad news, it issues a press release on a Friday in the hope that there will be minimal attention paid to the problem.

On Friday, March 21 the San Francisco Department of Public Health posted an alert about a troubling security breach impacting thousands of patients:

A February
5 break
-
in at the Torrance, CA office of Sutherland Healthcare
Solutions resulted in the theft of computers that included patient information from Sutherland
clients, including the San Francisco Department of Public Health (DPH).
Sutherland, which contracts with DPH to provide
billing services, informed DPH on March 18
that personal information of approximately
55,900
San
Francisco
medical
patients was stolen,
including names,
billing information, and in some cases
social security numbers, dates and
locations of services
and dates of birth
.
The
majority of
patients were cared for at DPH facilities
between August 2012 and November 2013.

Over at the SF Chronicle reporter Victoria Tolliver wrote a story that appeared on a Saturday, probably the day with the lowest number of readers for the paper's print and web editions and as far as I can determine, no other media outlet picked up on the security breach.

Since I was a patient of the DPH system (I'm now receiving primary care at UCSF's 360 Poz Clinic), I received a letter via snail mail alerting me to this breach and followed the instructions on how to protect my data and credit rating through private firm contracted with and paid for DPH, for one year.

That letter was sent to all patients but a friend of mine receiving care at the Castro Mission Health Center told me over the weekend he didn't receive the letter and had no idea about the breach. He doesn't read the Chronicle and because he recently moved, not all of his mail has been forwarded to his new address.

Of course, I told him where to find the letter instructing him how to protect his info and hope he's signed up for the free credit protection services.

If you were a patient of DPH's system or still receive services from one of their facilities, you should get informed about this breach. More info is posted here.